Wednesday, July 25, 2012

Iranian nuclear program hit by AC/DC virus

A scientist working at the Atomic Energy Organisation of Iran said computer systems have been hit by a cyber-attack which forced them to play AC/DC’s Thunderstruck at full volume in the middle of the night.

The attack came to light after a researcher at security firm F-Secure received a string of emails from a Iran's atomic energy organisation."I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom."

"It does sound really weird," he said. "If there was an attack, why would the attacker announce themselves by playing 'Thunderstruck?" If true, this attack is the third hacking attempt aimed at Tehran’s controversial nuclear program.

It sounds like the AEOI may have been hit with an infrastructure-targeting malware attack, similar to those that have plagued the Middle East since 2010 starting with Stuxnet. However, there’s no independent confirmation of this attack’s existence.

The scientist reported that the virus came through a simple and cheap open-source project that finds vulnerabilities in software.

See the full e-mail below:

I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom.

According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert.

There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing ‘Thunderstruck’ by AC/DC.